Know your Compliance Weaknesses - It’s the Law, and it Helps you Serve your Customers Better

‍

Most business leaders will admit, in confidence and away from an audience and their investors, that their business isn’t perfect. Faults and compromises always get in the way of true best practice, and it’s easy enough to overlook the detail as long as the big picture is suitably alluring. However, new legislation will make it a legal imperative to know where the weaknesses lie - you can’t be purely results-focused, you need to sweat the process too.

‍

The legislation is 2023’s Economic Crime and Corporate Transparency Act (ECCTA), and one of its most significant changes is that business leaders need to actively monitor their organisation, and take active steps to prevent fraud. Previously, it’s been possible for leadership to claim ignorance when law-breaking came to light, making it almost a benefit to be a bit hazy on operational detail - now, the onus is on the company to prevent it happening. The obligation stretches throughout the organisation worldwide, into subsidiaries and even the supply chain: any fraudulent act that benefits the company can earn it an unlimited fine, thanks to secondary legislation that’ll be introduced in the next twelve months.

‍

It’s heft like this which means the spirit of the ECCTA is a lot closer to legislation in the USA, which has led to the Securities and Exchange Commission (SEC) becoming notorious for landing both businesses and executives with significant penalties for things like failing to disclose security breaches. Uber’s CSO earned a three-year sentence and a $148M fine for the business for covering up a 2015 data breach - now that regulatory vibe to monitoring and enforcement is heading across the water, and companies operating in the UK need to get ready. 

‍

The legislation is still under development, but the principles are very clear. The strictest possible reading is that an over-enthusiastic salesperson over-promising to close a sale could be considered fraud - an extreme case, but it’s fraudulent misrepresentation and it benefits the business, then it meets the scope of the Act. 

‍

The solution is to maintain a deep understanding of your business operations, so you can know where the weak points lie and put processes in place to ensure compliance.This is something that Workiro makes easy: the platform establishes digital paper trails from your business out to clients and back again, giving you easy access to data while enabling you to keep clients and customers informed. Being able to view your business’s data flow through a single interface means that your processes are robust and well-documented all the way through the organisation - a key step towards the “active fraud prevention” that can serve as a defence in case of fraudulent activity being discovered. You might find a few things that you might previously have preferred not to know about, but better to know in advance rather than waiting for the Serious Fraud Office to find them out for you. 

‍

For maximum impact, this needs to be paired with an understanding of the people with significant control within the business, with both training and a commitment to transparency that ensures your staff know what’s expected of them. This will be a burden in the short term, as they’ll be sure to point out when another set of compliance tasks are rolled out, but it’ll protect you from an unlimited fine under the terms of the ECCTA - proven steps to avoid fraud is the only defence outlined so far. 

‍

What’s more, it should have a wider benefit to your business and the services you offer. Not only will you have a deeper knowledge of the full span of your business, enabling you to find and address problems that might be impacting the service to your customers, but being conspicuously compliant and forward-looking increasingly reflects well on a business. Get over the hurdle of the additional monitoring and training and you should be able to persuade staff you’re a better company to work for, too.

‍

“Businesses are starting to be a bit more open to the idea about disclosing and declaring what they do when it comes to not just cyber security, but just general practices” says Luke Kiely, CISO at Workiro. “And I think that's a really positive change. I think there's a lot of value in showing how competent and robust your information security programs are. It’s a really positive step for businesses and society and also the investors, being a little bit more open about your approach towards security.”

‍

Robbie Hadfield, Solutions Director at business spend platform Payhawk, agrees. “It’s a competitive advantage thing, transparency. The impact of a cyber attack can have a huge effect on a brand - but it could also have the opposite effect… if you show that you invest in these things around sustainability and integrity in these areas.”

‍

“These organisations that perform better on sustainability are going to be the ones that deliver long term shareholder value. And I know these are some of the key principles and accounting standards changes recently. It's all about transparency for the markets.”

‍

You can hear more from Luke and Robbie about the rules, requirements and potential benefits of ECCTA compliance in our webinar Trading in the UK? You can't ignore the ECCTA - it’s free to view, and gives some in-depth insights from their respective expertise in security and accountancy.